Brian developed the initial Sublime Security Email Groups Connector for the OpenCTI-Platform/connectors repository, focusing on automated threat intelligence ingestion. He implemented an API integration in Python to retrieve malicious email message groups from Sublime Security and map them into OpenCTI as Incidents and Cases, aligning with the platform’s data model to support incident response workflows. Leveraging Docker for deployment and backend development skills, Brian established a reusable ingestion pipeline that enables scalable integration of new data sources. His work provided a foundation for improved visibility into email-based threats and demonstrated depth in API integration and data modeling within OpenCTI.